Shangri-La Hotels

Director of Information Security (56045)

Full Time
Lead (more than 10 years)

Job Description

Shangri-La International Hotel Management Ltd.
It takes a special kind of person to work at Shangri-La: someone with an eye for details and the skills to perform; someone with an attitude to deliver and a passion to delight.

Are you Shangri-La?

We are currently seeking a Director of Information Security to join our team in the Information Technology Division at the Corporate Office in Hong Kong.

Reporting to the Chief Information Officer, the Director of Information Security is responsible for all matters related to information security, data privacy and asset protection for the organization. This includes the development and implementation of a comprehensive information security and data protection program, technology refresh for information security controls, user education and training, compliance and enforcement, incident response and investigation, risk assessment, and contribution to disaster recovery planning.

Key Responsibilities

  • Development and implementation of a comprehensive company-wide information security and privacy program & standard procedures for information security operations
  • Review and make recommendations on the configuration of security appliances, software and equipment
  • Lead and manage risk assessment program targeting information security and privacy matters, recommend methods for vulnerability detection, prevention and remediation
  • Conduct periodic security audit review of network infrastructure and system activities
  • Manage the group-wide penetration test and PCI scanning program and security incident responses & reporting program
  • Work closely with data center operations, application team and service providers to ensure a secure, stable and continuous operation of the group's mission critical systems

Experiences and skills required

  • Minimum 10 years of experience in information security including the following key areas:
    • Technical evaluation of platform, products and tools related to information security and asset protection
    • Design and control of the configuration of security devices and software across multiple diverse geographic locations and numerous entry points to the environment
    • Development and administration of a comprehensive information security program, including writing policy and standards and training / education
    • Coordination of audit activities, vulnerability scanning, penetration testing, and similar
    • Compliance and incident handling / response, including engagement with law enforcement and legal teams as necessary and appropriate
  • Must demonstrate detailed understanding of system and software architecture and the current threat landscape surrounding each, with knowledge of the latest countermeasures or strategies for mitigating those threats
  • Must have practical, first-hand experience in the realms of PCI, post-attack forensic analysis, proactive controls and detection mechanisms, threat assessment and mitigation, and breach remediation
  • University degree, preferably in science, technology, engineering, or mathematics discipline
  • CISSP, CISA or GIAC-issued certification & ISO 27k experience is desirable

Professional Qualifications

  • Certified Information System Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)

Technical Skills

  • Audit
  • Compliance
  • Disaster Recovery Planning
  • Information Security
  • ISO
  • Mathematics
  • Risk Assessment
  • Software Architecture
  • Training